User Account Control (UAC) setting questions and unable to sign in Microsoft account in Edge Chromium

[Windows 10 User]

I always create a local account with admin rights and I want UAC disabled and the files and programs which need to be run with admin rights to automatically do it (so I don't have to do it myself) so could someone tell me what Enable UAC - Filter all administrators (EnableLUA), Filter built-in Administrator, Installer detection, Secure Desktop on Prompt, UAC Admin prompt, UAC User prompt, UIAccess secure location require and UIAccess toggle settings do (as well as maybe other related settings)? I already searched for them on the web and see what NTLite says about them but it's still hard for me to understand.

What are UIAccess Applications, Admin Approval Mode, Secure Desktop (and maybe other related things to these settings), what will happen if I enable/disable them and what should I do since I told I don't want to be bothered by prompts but still run the programs with admin rights?

After setting some policies in NTLite I can't sign in my Microsoft account in Edge Chromium. When I try to sign in, it states:

"We can't sign you in right know

Sign in is not supported when running Microsoft Edge as an administrator. Please relaunch Microsoft Edge as a non-administrator and try signing in again.".

I tried an untouched image but afterwards I used Winaero Tweaker and Win10Privacy and I'm also having this problem.

EDIT: Now I tried an untouched image, used Winaero Tweaker and Win10Privacy and I can't even install the latest CU, which is needed for Edge Chromium. I'm having the 0x80073712 error.

 

[crypticus]

I always find them complicated too, i wonder what happens if u delete uac component, do they automatically act as disabled, are there any problems with softwares? too many questions... but i use them as this

</TweakGroup>
<TweakGroup name="UAC">
<Tweak name="System\PromptOnSecureDesktop">0</Tweak>
<Tweak name="System\ConsentPromptBehaviorAdmin">0</Tweak>
<Tweak name="System\EnableSecureUIAPaths">0</Tweak>
</TweakGroup>

 

[Windows 10 User]

I always find them complicated too, i wonder what happens if u delete uac component, do they automatically act as disabled, are there any problems with softwares? too many questions... but i use them as this

</TweakGroup>
<TweakGroup name="UAC">
<Tweak name="System\PromptOnSecureDesktop">0</Tweak>
<Tweak name="System\ConsentPromptBehaviorAdmin">0</Tweak>
<Tweak name="System\EnableSecureUIAPaths">0</Tweak>
</TweakGroup>

I think it can only be removed if one has a paid license, which isn't my case.

 

[ahazuarus]

Only need to add this toward the end of autounattend.xml before the last settings close tag, no other settings required from NTLite:

    <settings pass="offlineServicing">
        <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <EnableLUA>false</EnableLUA>
        </component>

 

[Windows 10 User]

Only need to add this toward the end of autounattend.xml before the last settings close tag, no other settings required from NTLite:

    <settings pass="offlineServicing">
        <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <EnableLUA>false</EnableLUA>
        </component>

Sorry, but could you explain what will that do?

 

[garlin]

EnableLUA is the global on/off switch for UAC, which will be applied to all users including Administrator.

If you want to use a smaller hammer, search online for registry edits which micro-manage the UAC settings. Then add the registry file during post-setup. But remember UAC is implemented to improve visibility, use carefully.

 

[Windows 10 User]

EnableLUA is the global on/off switch for UAC, which will be applied to all users including Administrator.

If you want to use a smaller hammer, search online for registry edits which micro-manage the UAC settings. Then add the registry file during post-setup. But remember UAC is implemented to improve visibility, use carefully.

So, will it let me sign in my Microsoft account in Edge Chromium but may compromise security?

 

[garlin]

UAC is when programs need elevated security to run (like on install, or access system files or data). Edge or any browsers run as you, and handle security on their own separate from system rights. If you install a browser add-on, it'll trigger UAC for permission to install but doesn't need it to run afterwards.

Oh yeah, don't browse as Administrator. If you're in the admin group, Edge shouldn't run as Admin unless something else is messed up.

 

[Windows 10 User]

UAC is when programs need elevated security to run (like on install, or access system files or data). Edge or any browsers run as you, and handle security on their own separate from system rights. If you install a browser add-on, it'll trigger UAC for permission to install but doesn't need it to run afterwards.

Oh yeah, don't browse as Administrator. If you're in the admin group, Edge shouldn't run as Admin unless something else is messed up.

But I don't know which setting causes this.

 

[garlin]

Error 0x80073712 translates to something's missing, like you dropped a critical component or one of the tweaking programs got too aggressive. Try building an image with zero tweaks (outside of NTLite). If that fails, post the preset here and someone can suggest what's required.

 

[Windows 10 User]

Error 0x80073712 translates to something's missing, like you dropped a critical component or one of the tweaking programs got too aggressive. Try building an image with zero tweaks (outside of NTLite). If that fails, post the preset here and someone can suggest what's required.

On sysnative.org it was said it was my HDD's fault (it has bad sectors) and so I had to replace it and do a clean install to be able to update Windows but how can a HDD cause a WU problem like this? I presume I have problems in my HDD for at least some months and I was able to upgrade until the previous WU error. Also, they said Edge Chromium's issue was a bug.

 

[garlin]

More to the story?

Error 0x80073712 is missing or corrupted file(s). Depending on how many bad sectors, DISM might repair it without reinstalling. Windows hides extra copy of critical system files just for this occasion. Open a new command prompt as Administrator:

DISM /Online /Cleanup-Image /CheckHealth (pray it's repairable)
DISM /Online /Cleanup-image /Restorehealth

 

[Windows 10 User]

More to the story?

Error 0x80073712 is missing or corrupted file(s). Depending on how many bad sectors, DISM might repair it without reinstalling. Windows hides extra copy of critical system files just for this occasion. Open a new command prompt as Administrator:

DISM /Online /Cleanup-Image /CheckHealth (pray it's repairable)
DISM /Online /Cleanup-image /Restorehealth

I already did that and it didn't work but is it really the HDD's fault (and not the tweak utilities') and even if I do another clean install will I have this problem?

 

[garlin]

When DISM passes, it's probably not HDD errors. I would start with a clean image, turn on system restore. Apply a batch of tweaks, test, and roll back using system restore since it will undo registry, services, or config hacks hidden from you.

 

[Windows 10 User]

When DISM passes, it's probably not HDD errors. I would start with a clean image, turn on system restore. Apply a batch of tweaks, test, and roll back using system restore since it will undo registry, services, or config hacks hidden from you.

That was what I was thinking but I'd take a lot of time. What about Edge Chromium's Microsoft account sign in problem? Do you know if Edge Chromium will be offered in WU?

 

[garlin]

I think you're running W10 Enterprise from the preset posted on another thread, so it may not be offered. Just download it off Edge for Enterprise (it's the complete executable, not the web installer).

Why do think testing will take a long time? Focus on the UAC settings first, ignore the other tweaks because they're unlikely to be involved. You really shouldn't accept a broken UAC setup.

 

[Windows 10 User]

I think you're running W10 Enterprise from the preset posted on another thread, so it may not be offered. Just download it off Edge for Enterprise (it's the complete executable, not the web installer).

Why do think testing will take a long time? Focus on the UAC settings first, ignore the other tweaks because they're unlikely to be involved. You really shouldn't accept a broken UAC setup.

Yes, I am. You're right, I now recall it. Isn't it strange it isn't offered to those who run the Enterprise edition? Already did that, but oddly, it comes in english and not in my language so I have to change it. Anyway, like I've told you, I'm unable to install it because it looks like I can only install it if I install the latest CU and I can't to it like I already said. What's weird is that I can install it on a VM after installing the latest CU and I don't need to install the 1909 optional Feature Update and the optional CU afterwards. It's weird the fact that the Feature Update and some CUs are being offered as optional updates and currently I have an optional CU being offered that is prior to the one (which wasn't optional) I successfully installed on the VM. It's also weird I can install Edge Chromium without having to install the optional updates beforehand but only the other ones.

Because like I said I use two different programs (besides NTLite) and each of them have dozens of settings. I know, but even only changing the UAC settings I'd still lose a lot of time since there are some of them and two programs besides NTLite.

Another thing, why do some of these programs have settings unchecked when I already enabled those settings in the other programs? Do they use different methods to achieve it?

EDIT: So, after doing a clean install using an untouched image and not using the mentioned programs I'm not having Edge Chromium's sign in problem so I don't know why I was told it was a Edge Chromium bug. One (or more) of the tweak utilities should be causing this problem.

 

[garlin]

Real Enterprise clients are org's who enforce admin policy on browsers, they don't want random offerings.

Cardinal rule of tech support: Start with a base feature you know absolutely works, slowly add layers until something breaks. Stop and investigate that change. Continue layer by layer until you're restored. Your VM build works, do a clean install with it and be patient putting everything back.

Just take it as a learning experience.

 

[Windows 10 User]

Real Enterprise clients are org's who enforce admin policy on browsers, they don't want random offerings.

Cardinal rule of tech support: Start with a base feature you know absolutely works, slowly add layers until something breaks. Stop and investigate that change. Continue layer by layer until you're restored. Your VM build works, do a clean install with it and be patient putting everything back.

Just take it as a learning experience.

So, you don't think the WU problem is caused by my HDD? Anyway, I guess I could integrate Edge Chromium but I don't know how to do it. Even if I did, I guess I'd want a silent install and remove the old Edge but wouldn't it be pointless since it would be outdated after some time so I'd have to integrate the latest versions from time to time?

 

[garlin]

Final word: if you're worried about outdated Edge versions, take the web installer and silent install. By default, Edge will auto-update itself like OneDrive & Skype does.